1. A secure transaction system comprising:
a plurality of information carriers distributed to authorized users for secure storage of information related to carrying
out of transactions by said authorized users, each information carrier having a passive data storage medium but lacking any
data processing unit, said information stored on said passive data storage medium being in encrypted form and including transaction
messages, cryptographic keys, and at least one digital certificate issued to an authorized user; and
a drive for reading and writing information relating to transactions on an information carrier presented thereto by an authorized
user, said drive connected via a communications link or network to a host computer, said drive having a control unit executing
secure protocols for mediating communication between said host computer and drive and between said drive and information carrier,
said drive also having a cryptographic processing unit providing encryption and decryption of transaction messages and digital
certificates in accord with said secure protocols executed by said control unit and using cryptographic keys, including cryptographic
keys stored by said drive and cryptographic keys read from said information carriers, as specified by said secure protocols.